William Thackray at AGT Computer Services contends that the real cost of ransomware starts after the attack

Ransomware attacks don’t often make the news, but we’ve all heard the stories. A business is attacked. Its systems are locked. The criminal group demands payment. And everything stops while a decision is made. It’s busy, dramatic, and the focus is always on the demand and whether it was met. What receives far less attention is what happens next.
For small and medium-sized businesses, the aftermath of a ransomware attack is often where the real damage is done. It’s not just about the initial disruption when the malware is identified. There’s a long and costly recovery process to navigate, and too many companies fail to come out of the other side. And that’s partly because they didn’t have the infrastructure in place to protect themselves before the event.
Everyone knows that they should back up their data. It’s become standard practice. Unfortunately, along with the knowledge comes the assumption that backups mean that the business is protected against ransomware. But while they do play a part, the reality is far more complicated.
It’s relatively easy to create a backup strategy that appears robust on paper. But all too often, under real incident conditions, these strategies fall apart. Mainly for practical reasons. Some backups are incomplete. Others are corrupted without anyone realising. In some cases, businesses find out that their backup schedules were wrongly configured. And even when none of that happens to be the case, recovery times are simply far too slow for the demands of the business. Your data might be recoverable, but if restoration takes days or weeks, the interruption can have huge ramifications for your customers and your business.
And that’s the misconception. Any business can have backups, but this doesn’t always equate to resilience. It’s great that you’ve got your data, but if your systems can’t be restored quickly and securely, your business may still be in trouble.
When we think of the financial impact of ransomware, most people focus on payments. But downtime is often the greatest threat. When systems are unavailable, you can’t invoice customers, process orders, access records, or communicate internally. Productivity, customer trust, and supplier confidence all fall. And then there’s the inability to meet regulatory obligations. In some sectors, this alone can be damning to the point of irrevocability.
The problem is that many SMEs simply don’t have the internal technical capacity to manage recovery properly. They don’t have the dedicated teams and recovery specialists you find at enterprise level. So, they make rapid, knee-jerk decisions that often inadvertently slow the recovery process and cause longer-term damage.
It’s partly because SMEs underestimate their exposure. They believe ransomware is primarily a threat to large corporations or public institutions with the means to make a ransom worthwhile. But it’s not a valid assumption. In fact, smaller businesses are increasingly becoming the target because attackers understand that they don’t have the infrastructure to protect themselves.
So, SMEs focus on prevention - firewalls and antivirus software - while believing that it will be enough because it will probably never happen to them anyway. What they should be focusing on is whether the business can recover and survive when their firewalls fail.
More and more, businesses are viewing technology as the answer to all of their problems, and ransomware recovery is no exception. But that’s not always the case. A lot of it comes down to understanding. Which systems are integral? How can restoration take place, and what’s involved? Where are backups stored? And are they separate from the main system? Having documented recovery procedures, a clear communication plan, and external support partners where relevant changes the outlook.
Ransomware is as much about business continuity as it is about cybersecurity. Because it’s businesses that can recover without disruption that will survive intact. Because they can show their customers that they can still be trusted. And that means taking a different approach.
Instead of focusing only on cyber protection and the presence of backups, you need to be looking at how quickly and easily you can recover should an attack take place. Not just theoretically, but practically, with regular recovery testing. Because that’s what could save your business.
When a ransomware attack happens, the real challenge is rarely the initial attack itself. It is how you deal with it in the days after.
William Thackray is Operations Director of AGT Computer Services